# Uni CTF 2022: UNIX Socket Injection to Custom RCE POP Chain – Spell Orsterra
In the world of Capture The Flag (CTF) competitions, challenges can range from simple puzzles to complex security exploits. One such intriguing challenge from the **UNI CTF 2022** was titled **Spell Orsterra**. In this post, we will explore the creator’s perspective, the motives behind the challenge, and provide a detailed write-up of the web challenge.
## Understanding the Challenge
The **Spell Orsterra** challenge was designed to test participants’ skills in **UNIX socket injection** and the creation of a **Remote Code Execution (RCE) POP chain**. This challenge not only required technical knowledge but also a creative approach to problem-solving. The creator aimed to push the boundaries of what participants could achieve, encouraging them to think outside the box.
## The Creator’s Perspective
From the creator’s viewpoint, the challenge was crafted to be both educational and engaging. They wanted to provide a platform where participants could learn about **UNIX sockets** and how they can be exploited. The challenge was not just about finding a solution but understanding the underlying principles of security vulnerabilities. This approach fosters a deeper appreciation for cybersecurity and encourages participants to develop their skills further.
## Challenge Motives
The motives behind the **Spell Orsterra** challenge were multifaceted. Firstly, it aimed to raise awareness about the importance of securing applications against **socket injection attacks**. By simulating real-world scenarios, participants could gain valuable insights into how attackers think and operate. Secondly, the challenge sought to create a community of learners who could share their experiences and knowledge, ultimately contributing to a safer digital environment.
## Write-Up of the Challenge
The write-up of the **Spell Orsterra** challenge provides a comprehensive overview of the steps taken to solve it. Participants began by analyzing the provided code and identifying potential vulnerabilities. Through careful examination, they discovered how to exploit the **UNIX socket** to execute arbitrary code.
The process involved creating a **POP chain**, which is a sequence of operations that allows an attacker to control the execution flow of a program. By manipulating the socket, participants could inject their code and achieve **Remote Code Execution**. This step-by-step approach not only highlights the technical aspects of the challenge but also emphasizes the importance of methodical thinking in cybersecurity.
## Conclusion
The **Spell Orsterra** challenge from **UNI CTF 2022** serves as a fantastic example of how CTF competitions can educate and inspire participants. By exploring the intricacies of **UNIX socket injection** and **RCE**, individuals can enhance their skills and contribute to a more secure digital landscape.
For those interested in diving deeper into this challenge, I invite you to check out the full write-up on the [Hack The Box blog](https://www.hackthebox.com/blog/uni-ctf-2022-spell-orsterra-writeup). Happy learning!
stop
